|
Post by bracknellboy on Nov 13, 2015 19:25:43 GMT
Earlier today I requested a withdrawl after completion of one of my (rather small) investments in W&C. They have asked for me to send my bank account details by email (first withdrawl). They have given me option of calling them instead, this is posed as a more general question.
I have to say that as a rule I'm never keen - and don't believe I have ever been asked before - to send bank details by email. What are others view on this ?
|
|
ilmoro
Member of DD Central
'Wondering which of the bu***rs to blame, and watching for pigs on the wing.' - Pink Floyd
Posts: 10,851
Likes: 11,078
|
Post by ilmoro on Nov 13, 2015 19:31:26 GMT
Earlier today I requested a withdrawl after completion of one of my (rather small) investments in W&C. They have asked for me to send my bank account details by email (first withdrawl). They have given me option of calling them instead, this is posed as a more general question. I have to say that as a rule I'm never keen - and don't believe I have ever been asked before - to send bank details by email. What are others view on this ? Ablrate did the same. I phoned. I agree with you. Not something I would be happy doing
|
|
|
Post by mrclondon on Nov 13, 2015 22:49:20 GMT
Whilst not ideal, there is minimal direct security risk. A bank account and sort number is only of immediate use to someone who already has a direct debit originator agreement with the banking system, so the main risk is cash flow issues whilst you claim against the direct debit guarantee in the unlikely event a rogue employee at a company with a direct debit originator agreement worked out a system for syphoning off funds.
The greater risk is that the bank account details could subsequently be used for a more sophisticated phishing email ... because you see detail in front of you that your brain says are "secret" you think its a genuine email.
|
|
james
Posts: 2,205
Likes: 955
|
Post by james on Nov 14, 2015 12:41:08 GMT
If the email really is from them and you use contact details you already know then it's not a direct security threat to your money. I'm content to send such details in email provided I can independently verify that the place (email or web site) I'm sending them to is genuine.
However, it is poor practice because by doing this they are training their customers to respond to such emails, yet would presumably not want to accept the cost of future fraud losses when the customer reacts as they have trained them and sends the information to a fraudster pretending to be a legitimate institution. That's bad for their customers and teh UK financial sector in general because we need customers trained not to respond to such emails except via methods not contained in the email.
It's good that they have offered a phone alternative, at lest if that phone number is one already published and not one just contained in the email. If it's just in the email then again it is educating their customers to respond to fraudulent emails in a risky way.
|
|
agent69
Member of DD Central
Posts: 5,600
Likes: 4,185
|
Post by agent69 on Nov 14, 2015 13:38:19 GMT
I'm content to send such details in email provided I can independently verify that the place (email or web site) I'm sending them to is genuine. The problem with e-mails is that they have a large 'footprint', having passed through several servers between you and W&C. It's a bit like sending credit card details to foreign hotels to secure a booking. Not ideal, but in reality the bigger risk is probably somebody accessing your computer and rummaging through the details in your sent items folder.
|
|
james
Posts: 2,205
Likes: 955
|
Post by james on Nov 14, 2015 14:07:31 GMT
The problem with e-mails is that they have a large 'footprint', having passed through several servers between you and W&C. ... It's a bit like sending credit card details to foreign hotels to secure a booking. Not ideal, but in reality the bigger risk is probably somebody accessing your computer and rummaging through the details in your sent items folder. Well, maybe. It depends in part on whether the sending and receiving email servers are configured to use encrypted transfers between them. This is possible and I see that its use seems to be growing in the financial world. Without such settings being in place and working the chain of mail servers and internet connections that could potentially compromise the contents of an unencrypted email can be large, not least including the intelligence service of countries the email is passing through that probably have interception tools in place at or adjacent to major internet interconnection exchanges that will scan its contents to look for potentially useful commercial and other intelligence. Even sending to receiving encryption isn't a sure prevention if the objective is to prevent government interception, of course, but at least it'll protect against most criminal groups. On the other hand, a really major internet mail provider like say Google, might have no intermediate email servers and may use its own dedicated and encrypted network to get the email close to the destination server. Of course there are limits on what I'll send by email because I do know of a wide range of interception methods.
|
|
|
Post by batchoy on Nov 14, 2015 19:08:02 GMT
Whilst not ideal, there is minimal direct security risk. A bank account and sort number is only of immediate use to someone who already has a direct debit originator agreement with the banking system, so the main risk is cash flow issues whilst you claim against the direct debit guarantee in the unlikely event a rogue employee at a company with a direct debit originator agreement worked out a system for syphoning off funds. The greater risk is that the bank account details could subsequently be used for a more sophisticated phishing email ... because you see detail in front of you that your brain says are "secret" you think its a genuine email. The direct debit system is notoriously open to fraud, due to the lack of verification of details. Armed with your bank details it is easy for someone to have a direct debit set up over the phone for goods and services that are delivered to another address. Proving that you weren't responsible for the Direct Debit is also difficult. Personally I would never send such information in an un-encrypted email. I see too many spam emails using spoofed email addresses that are too obscure and only known to myself and used for inter server communication to believe that there aren't people out there harvesting information from emails.
|
|
|
Post by xyon100 on Dec 9, 2015 12:48:22 GMT
It's funny how this subject rarely if ever came up when we were (and still are, though not as much) sending cheques in the post which contain all those details, plus a signature, plus it should have a return address on the back. Also, you don't have to prove anything to be covered by the direct debit guarantee scheme. You say you didn't authorise it, you get it back, period.
At the end of the day you can assign a certain amount of risk to all methods of getting paid, but giving your basic account details so people can pay you money is safe by any reasonable standard. DD fraud does happen but despite what some might tell you, it's not that common despite literally millions of account numbers and sort codes being available via a simple google search. In the unlikely event it did happen, you are covered.
To be honest, this whole UK "private" bank details stuff has been driving me up the wall for years. The number of times I have been greeted with suspicion and downright hostility simply for asking for the details I need in order to pay has been astonishing. I have even had suppliers advised BY THEIR BANK to refuse to give their IBAN and BIC codes to me when the ONLY purpose of the code is to give to people so they can pay you!
I have even seen continental eBay buyers given negative feedback simply for asking for bank details. It is a mystery in these parts as to how you can even function while keeping basic bank details secret. In fact I would prove my point (and have in the past) by posting my own bank details here. The only reason I wont is a mod is likely to consider I have posted private information (it's not) and that if somebody is determined to make mischief to prove a point, they possibly will.
But can you steal from me via my account number and sort code? No chance. The private bank details thing in the UK is massively over blown.
|
|
|
Post by yorkshireman on Dec 9, 2015 15:36:39 GMT
Rather than use email, a family member decided to send their bank details by signed for delivery and Royal Mail have yet to deliver 3 weeks later although their tracking system does say that it is being progressed as it has done since the day after posting. Which raises the question, does an envelope that requires signing for attract the attention of inquisitive / unscrupulous employees?
|
|
|
Post by wellesleyco on Dec 9, 2015 16:17:07 GMT
yorkshireman does your comment apply to your family member sending bank details to Wellesley & Co?
|
|
|
Post by yorkshireman on Dec 9, 2015 16:57:17 GMT
yorkshireman does your comment apply to your family member sending bank details to Wellesley & Co? Yes. However, the details have been provided to Wellesley by phone and the monies have been transferred, the problem appears to be with Royal Mail.
|
|
|
Post by wellesleyco on Dec 9, 2015 16:58:35 GMT
yorkshireman please DM me if you would like us to investigate also.
|
|
shimself
Member of DD Central
Posts: 2,561
Likes: 1,170
|
Post by shimself on Dec 9, 2015 20:33:38 GMT
Earlier today I requested a withdrawl after completion of one of my (rather small) investments in W&C. They have asked for me to send my bank account details by email (first withdrawl). They have given me option of calling them instead, this is posed as a more general question. I have to say that as a rule I'm never keen - and don't believe I have ever been asked before - to send bank details by email. What are others view on this ? your name, the sort code, account number, bank name and branch address appear on every single cheque
|
|
shimself
Member of DD Central
Posts: 2,561
Likes: 1,170
|
Post by shimself on Dec 9, 2015 20:36:53 GMT
..
But can you steal from me via my account number and sort code? No chance. The private bank details thing in the UK is massively over blown. I think jeremy Clarkson published his bank details once, making a similar point- a few days later somebody had managed to get him signed up to pay regular sums to some charity (something like that)
|
|
|
Post by xyon100 on Dec 10, 2015 4:20:37 GMT
..
But can you steal from me via my account number and sort code? No chance. The private bank details thing in the UK is massively over blown. I think jeremy Clarkson published his bank details once, making a similar point- a few days later somebody had managed to get him signed up to pay regular sums to some charity (something like that) As I said, the only reasons I will not make my point by publishing my "bank details" here is because for one, a mod will likely remove my post for publishing "private" information and for two, it IS possible to make mischief with those details because of the sloppy direct debit system in the UK. Clarkson was absolutely right, he just failed to take account of the fact that if you challenge millions to make mischief, one likely will. Despite challenging the entire planet to steal his money by publishing his bank details, nobody managed to steal a penny.
It is simple ridiculous that a banking system that still gives out cheque books would insist that bank details are private and personal. While some worry about their bank details getting phished from an email, mine are on my website and on every invoice I ever sent. They can also be found on google along with many millions of others. Just seconds ago on an article about Bitcoin, I heard yet another warning about my bank details! You want them, you can have them!
My details are published on all my sales and on my website. How, in 2015, do you send an invoice without the details needed to send a bank transfer? Yup, those "bank details" again. Without meaning to be rude to those bombarded with warnings to keep bank details personal and private, it is simply comical to see all this hand-wringing about putting basic account information in an email.
|
|